Improper resource allocation In magick.net-q16-hdri-x86
Description
ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack
Summary
Using Magick to read a malicious SVG file resulted in a DoS attack.
Details
bt obtained using gdb:
#4 0x0000555555794c9c in ResizeMagickMemory (memory=0x7fffee203800, size=391344) at MagickCore/memory.c:1443 #5 0x0000555555794e5a in ResizeQuantumMemory (memory=0x7fffee203800, count=48918, quantum=8) at MagickCore/memory.c:1508 #6 0x0000555555acc8ed in SVGStartElement (context=0x517000000080, name=0x5190000055e3 "g", attributes=0x0) at coders/svg.c:1254 #7 0x00007ffff6799b1c in xmlParseStartTag () at /lib/x86_64-linux-gnu/libxml2.so.2 #8 0x00007ffff68c7bb8 in () at /lib/x86_64-linux-gnu/libxml2.so.2 #9 0x00007ffff67a03f1 in xmlParseChunk () at /lib/x86_64-linux-gnu/libxml2.so.2...
This is related to the SVGStartElement and ResizeQuantumMemory functions.
PoC
Generate an SVG file
Read this file using Magick:
./magick /data/ylwang/Tools/LargeScan/targets/ImageMagick/test++/1.svg null
Causes a DoS Attack
My server has a large amount of memory, causing a stack overflow to take a long time. I'll use the Windows release version as an example:
PS C:\Program Files\ImageMagick-7.1.2-Q8> .\magick.exe -ping 1.svg null: PS C:\Program Files\ImageMagick-7.1.2-Q8> echo $LASTEXITCODE -1073741571
The error code -1073741571 indicates a crash due to a stack overflow.
Impact
This is a DoS vulnerability and all applications using Magick to parse SVG files are affected.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 | ||
nuget | 14.10.1 |
1-10 of 23
10
Aliases
References